Privacy & Cookie Policy

1. Introduction

This Privacy & Cookie Policy explains how MB Bartus IT Solutions ("Funnelion.ai", "we", "us") processes personal data and uses cookies when you visit funnelion.ai, request a demo, or use the Funnelion.ai service. It applies whether you contact us as a prospective customer, an end user of a customer deployment, a partner, or a website visitor.

We are committed to processing personal data lawfully, fairly and transparently in line with the EU General Data Protection Regulation 2016/679 (GDPR) and the Lithuanian Law on the Legal Protection of Personal Data.

2. Data controller

The data controller for personal data processed in connection with this website and the Funnelion.ai service is:

3. What personal data we collect

Depending on how you interact with us, we may process the following categories of personal data:

• Identification and contact data: full name, work email, job title, company name, phone number, country.
• Communication data: the content of messages, demo requests, support tickets and emails you send us.
• Account data (for customers): user ID, login credentials (stored hashed), role, language preference.
• Customer Data: business data you or your end users upload, connect or process through Funnelion.ai. This may include CRM records, call recordings, transcripts, email metadata, web form submissions and revenue events. We act as a processor for this data on behalf of the customer.
• Technical and usage data: IP address, device and browser information, pages viewed, referring URL, session duration, error logs and feature usage.
• Cookie and similar data: see the Cookies section below.

4. How we use personal data and lawful basis

We process personal data for the following purposes:

• To respond to enquiries, run demos and onboard new customers (legitimate interest in operating our business; performance of pre-contractual steps).
• To deliver and operate the Funnelion.ai service, including authentication, configuration, billing and support (performance of a contract).
• To improve and secure the service, including aggregated analytics, abuse detection and incident response (legitimate interest in a stable, secure product).
• To send service announcements and, where you have opted in, occasional product updates and educational content (consent for marketing emails; legitimate interest for transactional service messages).
• To comply with legal obligations under Lithuanian and EU law, including accounting and tax (legal obligation).

5. How we share personal data

We do not sell personal data. We share it only with:

• Sub-processors that help us operate the service (hosting, email delivery, error monitoring, analytics, customer support tooling). Sub-processors act under written data processing agreements and are listed on request.
• Professional advisers (accountants, auditors, lawyers) under duties of confidentiality.
• Authorities or courts, where we are legally required to disclose data.
• Successors in the event of a corporate transaction (merger, acquisition or asset sale), in which case we will notify affected customers.

6. International transfers

Our infrastructure and most sub-processors are located in the European Economic Area (EEA). Where personal data is transferred outside the EEA, we rely on appropriate safeguards under GDPR Articles 45 to 49, typically European Commission Standard Contractual Clauses, supplemented by technical measures such as encryption in transit and at rest.

7. How long we keep personal data

• Marketing leads and demo requests: up to 24 months from last contact, then deleted or anonymised.
• Customer account data: for the duration of the contract and up to 12 months after termination, then deleted unless retention is required by law.
• Customer Data (as processor): retained only as instructed by the customer; deleted or returned on termination per the Data Processing Agreement.
• Accounting records: 10 years, as required by Lithuanian law.
• Website logs and analytics: up to 14 months.

8. Your rights

Subject to the conditions in GDPR, you have the right to:

• Access the personal data we hold about you and receive a copy.
• Rectify inaccurate or incomplete data.
• Erase data ("right to be forgotten") in the circumstances permitted by GDPR.
• Restrict or object to processing based on legitimate interests, including direct marketing.
• Receive your data in a portable format and have it transmitted to another controller.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with a supervisory authority. The competent authority in Lithuania is the State Data Protection Inspectorate (VDAI), L. Sapiegos g. 17, LT-10312 Vilnius, ada@ada.lt.

To exercise any of these rights, contact us at info@bartusit.com. We will respond within one month and may request proof of identity.

9. Your responsibilities

You are responsible for ensuring that any personal data you provide to us is accurate, current and complete, and for updating us if it changes. You are also responsible for ensuring you have the right to share any data you submit, including the personal data of other people.

We may decline to provide the Service to, or restrict access for, anyone we reasonably believe to be under 16, and we may ask you to clarify or verify the data you provide where this is necessary to handle your request.

10. Security

We apply organisational and technical measures appropriate to the risk, including TLS encryption in transit, encryption of data at rest where supported, least-privilege access controls, audit logging, regular backups and a written incident response plan. No system is perfectly secure, so we keep our measures under continuous review.

11. Children

Funnelion.ai is a B2B product not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact info@bartusit.com so we can remove it.

12. Third party websites, services and products

Our website and Service may contain links to third party websites, services or products that we do not operate or control. This Privacy & Cookie Policy does not apply to those third parties. We are not responsible for their content or privacy practices, and we encourage you to review the privacy policy of any third party service before providing personal data to it.

13. What are cookies

Cookies are small text files placed on your device by websites you visit. Similar technologies include local storage, pixel tags and SDKs. They allow a site to recognise your device across pages and visits, and to store small amounts of information about you and your session.

14. How we use cookies

funnelion.ai uses cookies for three purposes:

• To run essential parts of the site (keeping you signed in, balancing load, preventing cross-site request forgery).
• To understand how visitors use the site so we can improve it.
• To remember your locale preference (English or Lithuanian).

We do not use cookies for advertising, profiling or cross-site tracking.

15. Cookies and similar technologies we set

16. Your choices

• Cookie wall. On your first visit you are asked to accept our use of cookies before continuing to the site.
• Browser controls. Most browsers let you block or delete cookies through their settings. Blocking strictly necessary cookies may break parts of the site.
• Google Analytics opt-out. You can install the Google Analytics Opt-out Browser Add-on from https://tools.google.com/dlpage/gaoptout.

17. Third party cookies

We use Google Analytics 4 as a third party service. Information generated by these cookies (such as IP address, in anonymised form) is transmitted to and stored by Google. International transfers are protected by appropriate safeguards (Standard Contractual Clauses).

18. Changes to this policy

We may update this Privacy & Cookie Policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. For material changes we will give prominent notice on the site or by email to active customers.

19. Contact us

Questions, requests or complaints about this Privacy & Cookie Policy: